Amos Jeffries [Sun, 30 Jun 2013 08:45:09 +0000 (02:45 -0600)]
Bug 3762: remove bogus WARNING in cache.log
The warning is bogus for several reasons:
* it appears with memory-only cache configurations
* it only checks the size of first SwapDir (as seen in bug 3762)
* very large memory spaces are now possible which may make disk appear
small by comparison.
Its usefulness in detecting memory and disk misconfigurations has long
been almosy nil. Removing this entirey to resolve the bogus noise in
the above mentioned legitimate configurations.
Alexis Robert [Sat, 29 Jun 2013 08:23:49 +0000 (02:23 -0600)]
Fix Ip::Address::operator =(sockaddr_storage)
The memcpy() for AF_INET6 is using a length of sizeof(sockaddr_in) instead
of sizeof(sockaddr_in6), so squid was trying to connect to truncatured IPv6
addresses with strange ports.
Alex Rousskov [Sat, 29 Jun 2013 08:20:01 +0000 (02:20 -0600)]
Make sure %<tt includes all [failed] connection attempts.
The old code was using zero n_tries to detect the first connection
attempt,
but n_tries is not incremented when we are opening a new connection
rather
than reusing an old one. Perhaps n_tries should be updated differently
as
well, but this change simply makes %<tt (hier.total_response_time)
management
independent from that [complex] counter.
Alex Rousskov [Wed, 5 Jun 2013 13:00:09 +0000 (07:00 -0600)]
Bug 3717: assertion failed with dstdom_regex with IP based URL
A combination of ACL negation and async lookup leads to
Checklist.cc:287:"!needsAsync && !matchFinished" assertions.
The lower-level ACL code says "not a match because I need an async lookup" but
the negation-handling code in ACL::matches() ignores the "need an async
lookup" part and converts "not a match" into a "match". This patch prevents
that conversion, while allowing Checklist code to decide what to do with
an async lookup (depending on whether the directive being checked supports
slow ACLs).
Note that this change prevents admins from negating async lookups in
directives that do not support them: both "!foo" and "foo" will probably not
match in those directives if ACL foo needs an async lookup.
Amos Jeffries [Tue, 4 Jun 2013 06:58:07 +0000 (00:58 -0600)]
Fix incorrect external_acl_type codes
Documentation describes %USER_CA_CERT_* codes for outputing the CA cert
attributes. However the directive parser and internals were all
referencing it as %CA_CERT_*.
This updates the internals to match documentation, and adds an upgrade
notice for any installations using the old token name.
Also, Prepare external_acl_type format codes for libformat upgrade.
Add upgrade warnings for the %> and %< header codes which will change
radically in a future version when libformat is integrated.
Also, while we are at it support the other logformat codes which map 1:1
but silently for now and only on parse.
Alex Rousskov [Sun, 2 Jun 2013 16:01:18 +0000 (10:01 -0600)]
Ask for SSL key password when started with -N but without sslpassword_program.
Do not give SSL a password-asking callback if sslpassword_program is not
configured. Without a callback, OpenSSL itself asks for the password (which
works if Squid runs in foreground because of -N).
The fix applies to Ssl::readCertChainAndPrivateKeyFromFiles() context only.
This is not the only place where we read private keys. Some other places are
working correctly, but others may need more work. Also,
Ssl::readCertChainAndPrivateKeyFromFiles() may not really work if
sslpassword_program _is_ configured because "user data" pointer will be nil.
Ming Fu [Thu, 23 May 2013 02:26:18 +0000 (20:26 -0600)]
Bug 1991: kqueue causes SSL to hang
Compare the code in normal select and epoll v.s. kqueue. The select use a 0
wait time to get out of select wait in order to handle a list of read_pendings.
However, epoll add the read_pending to read and write event monitor. At a first
look, this seems strange as why read pending has anything to do with write. It
became obvious when the write ready event is triggered. During a write ready
event, if read_pending is on, the read callback is called before the write
callback. As the write buffer is unlikely to be full for an extended period, a
write callback is guaranteed in the immediate future for the read_pending
socket by waiting on write.
The patch follows that same logic as epoll and applies it on kqueue.
Bug 3744: squid terminated: FATAL: Bungled (null) line 3: sslproxy_cert_sign signTrusted all
This bug is a Makefile dependencies problem.
- The cf_gen includes the cf_gen_defines.cci so this file should included in
cf_gen dependencies.
- Currently the cf_gen_defines.cci exist in cf_gen.$(OBJEXT) dependencies but
does not have any effect because the obj file never build and used.
- Also the cf_gen_defines.cci file depends on autoconf.h so this file should
added to to cf_gen_defines.cc dependencies.
All of the sources has the autoconf.h file in their dependencies.
But the cf_gen_defines.cci is auto-generated and does not exist when the
dependencies computed.
Bug 3759: OpenSSL compilation error on stock Fedora17, RHEL, CentOS 6 systems
OpenSSL-1.0.x has changes in TXT_DB interface over the earlier openSSL releases.
Also looks that the IMPLEMENT_LHASH_* macros are not correctly implemented and
causes compile failures.
Some of the linux distributions to overcome the above problems trying to patch
openSSL SDK. For squid this is means that the current checks based on openSSL
version can not work.
This patch try to detect at configure time:
- if the TXT_DB uses the new implementation investigated in openSSL-1.0.x
releases
- If the IMPLEMENT_LHASH_* openSSL macros are correctly implemented.
Then uses the autoconf defines to implement the correct workarounds for used
openSSL SDK.
This patch try to avoid using the SSL_get_certificate function. While configures
squid run tests:
- to examine if the workaround code can be used
- to detect buggy SSL_get_certificate
Inside Ssl::verifySslCertificate try to use workarround code and if this is not
possible uses the SSL_get_certificate if it is not buggy, else hit an assertion
Amos Jeffries [Sun, 19 May 2013 02:43:38 +0000 (20:43 -0600)]
Log an ERROR instead of halting on unknown cache_dir types
Squid-3 can run fine without any configured cache_dir. This assists with
upgrade from older Squid-2 where COSS or NULL cache types may be present.
It also assists with backward compatibility for any future cache types
which may be added in future.
Silamael [Sun, 19 May 2013 02:38:40 +0000 (20:38 -0600)]
Bug 2648: Add missing piece omitted from rev.9677
rev.9677 created forward_max_tries directive but omitted one of the
checks. This adds that check and allows forward_max_tries to be set
to values greater than 10.
Amos Jeffries [Sun, 19 May 2013 02:35:36 +0000 (20:35 -0600)]
Remove origin_tries limiter on forwarding
This limit seems to have been set to prevent large amount of looping when
DIRECT attempts fail under the old model of constant DNS lookups and
retries.
However it is hard-coded and has no configuration knob visible. Under
the curent model of all destinations being enumerated once and tried
sequentially this protection would seem to be no longer necessary and
somewhat harmful as it will be preventing retries reaching destinations
with more than 2 unreachable IPs (think 3 IPv6 and an IPv4 on IPv4-only
network).
Alex Rousskov [Sun, 19 May 2013 02:34:11 +0000 (20:34 -0600)]
Fixed leaking configurable SSL error details.
Trunk r11496 "Configurable SSL error details messages" correctly disabled
collection of HTTP statistics for non-HTTP header fields, such as configurable
SSL error details. However, it also incorrectly disabled deletion of those
non-HTTP header fields.
Configurable SSL error details are only created during [re]configuration time,
so the leak went unnoticed since 2011-06-17, but the same bug caused a major
runtime annotation leak later (r12413) until the new annotation code was
redesigned to avoid using HttpHeader (r12779).
Alex Rousskov [Sun, 19 May 2013 02:32:10 +0000 (20:32 -0600)]
Avoid !closing assertions when helpers call comm_read [during reconfigure].
While helper reading code does check for COMM_ERR_CLOSING, it is not sufficient
because helperReturnBuffer() called by the reading code may notice the helper
shutdown flag (set earlier by reconfigure) and start closing the connection
underneath the reading code feet.
The stricter xato*() parsing bounds checks are halting on the ','
delimiters. Fix this by adding an optional end-of-value parameter to the
relevant parse functions and sending the delimiter in.
This fix makes xatoui() and xatoll() more friendly to parsing
unterminated strings.
previous to this fix the latter two values of tcpkeepalive= were
undocumented optional. This makes Squid enforce the documented format
where all three values are required if any is set.
* Mostly adding DEFAULT_DOC directive to hide strange default values.
This wll help us move to different internal values for no-limit etc
at some point in the future.
* Migrates some access controls to "DEFAULT: none" instead of "deny all".
This reduces run-time CPU cycles running useless ACL tests.
NP: some access controls have been left unchanged due to complexity in
the code testing them (ie icap_access).
* added documentation for several directives which were missing text
* corrected buffered_logs documentation (text by Alex Rousskov)
* updated cf_gen tool to produce more descriptive error messages
* corrected icp_access default to match documented 'deny all' permission
Alex Rousskov [Thu, 25 Apr 2013 15:47:40 +0000 (09:47 -0600)]
Prevent external_acl.cc "inBackground" assertion on queue overloads.
The enqueue check for external ACL lookups was inconsistent with the final
queue length check in ExternalACLLookup::Start(). The former allowed adding to
the already full (but not yet overflowing) queue while the latter
rightfully(?) asserted that the queue should not overflow.
The SSL_get_certificate implementation in OpenSSL 1.0.1d and 1.0.1e releases,
will crash if called before the certificate sent to the client.
This patch add a hack when one of the problematic OpenSSL versions used to
retrieve the certificate directly from SSL_CTX object, instead of creating
a temporary SSL object, and call SSL_get_certificate.
Some systems like GNU Hurd provide the mmap() API but lack MAP_NORESERVE
support. This option is an optimization, so we can define the macro
ourselves to nil and apparently not suffer (many) bad side effects.
Bug 3817: Memory leak in SSL cert validate for alt_name peer certs
Inside function Ssl::matchX509CommonNames which checks a domain name against
certificate common name and alternate names, if the domain matches any of the
alternate names the function return without releasing allocated data.
Michal Luscon [Thu, 18 Apr 2013 05:30:47 +0000 (23:30 -0600)]
Bug 3825: basic_ncsa_auth segfaulting with glibc-2.17
It appears the crypt() function may return NULL strings. Check for those
before all strcmp() operations.
NOTE: The MD5 output checks are probably not needed but since SquidMD5 is
an object build-time switched between several encryption library API
definitions it is better to be safe here as well.
Fix enter_suid/leave_suid build errors in ip/Intercept.cc
Intercept.cc:210: error: 'enter_suid' was not declared in this scope
Intercept.cc:217: error: 'leave_suid' was not declared in this scope
We should just be including tools.h, but on some GCC the src/tools.h and
src/ip/tools.h include locations clash when building inside src/ip/.
For now we must reference the src/tools.h by its long path.
This adds support for the PF 'divert-to' target which presents the
client and remote IPs directly to Squid in accept() parameters the
way Linux TPROXY target does.
It also adds support for the SO_BINDANY option on outgoing traffic for
client IP address spoofing which completes the TPROXY behaviour.
To enable these features Squid built with --enable-pf-transparent can
be configured with:
http_port 1234 tproxy
There is no reason why manager access should be excluded from CONNECT and
Safe_ports security checks. Also, under the new design manager ACL is a
REGEX pattern test, which may be quite slow.
Overall there should be better performnce under certain DoS condtions
having the manager tests after the port tests, with no change under the
other more common traffic.
Amos Jeffries [Fri, 29 Mar 2013 05:59:17 +0000 (23:59 -0600)]
Fix memory leaks in ConnStateData pinning
ConnStateData does not cleanup any of the pinning child structure fields.
This results in a leak of pinned host and peer details.
Run the full un-pin cleanup operation from ConnStateData::swanSong in
order to clean up all the pinning state instead of just the release the
Comm::Connection.
This fix keeps Rock cache_dirs visible to Cache Manager after reconfigure.
We still lack proper support for complex reconfiguration changes involving
cache_dirs.
Amos Jeffries [Fri, 29 Mar 2013 05:55:45 +0000 (23:55 -0600)]
HTTP/1.1: partial support for no-cache and private= controls with parameters
Since we now support HTTP/1.1 storage and revalidation of
Cache-Control:no-cache it is important that we at least detect the cases
where no-cache= and private= contain parameters.
These are likely still rare occurances due to the historic lack of
support. So for now Squid just detects and exempts these responses from
the caching performed. The basic framework for adding handling of the
header lists is made available but not at this time used.
Amos Jeffries [Thu, 14 Mar 2013 11:32:19 +0000 (05:32 -0600)]
Fix SSL Bump bypass for intercepted traffic
The SSL-bump bypass code on intercepted HTTPS traffic generates a fake
CONNECT request from the original destination IP:port in an attempt to
trigger a TCP tunnel being opened for the un-bumped data to be
transferred over.
The current implementation breaks in two situations:
1) when IPv6 traffic is intercepted
The URL field generated does not account for the additional []
requirements involved when IPv6+port are combined.
The resulting fake requests look like:
CONNECT ::1:443 HTTP/1.1
Host: ::1
... which are both invalid, and will fail to parse. Breaking IPv6 HTTPS
interception bypass.
Resolve this by using Ip::Address::ToURL() function which was created
for the purpose of generating URL hostnames from raw-IP + port with
the bracketing inserted when required.
2) when a non-443 port is being intercepted
The Host: header generated is missing the port and Squid Host: header
validity will reject the outbound
CONNECT 127.0.0.1:8443 HTTP/1.1
Host: 127.0.0.1
... this is an invalid request. Squid is currently ignoring the Host
header. However Squid tunnel.cc does make use of peering and may relay
the fake request Host: to upstream peers where we cannot be so sure what
will happen.
Resolve this issue by re-using the generated IP:port string for both URL
and Host: fields, which preserves teh port in Host: regardless of value.
This also means there is an unnecessary :443 tagged on for most HTTPS
traffic, however the omission of port from the Host: header is only a MAY
and this should not cause any issues.
Amos Jeffries [Fri, 8 Mar 2013 02:05:39 +0000 (19:05 -0700)]
Regression fix: Accept-Language header parse
When handling error page negotiation the header parse to detect language
code can enter into an infinite loop. Recover the 3.1 series behaviour
and fix an additional pre-existing off-by-1 error.
The errors were introduced in trunk rev.11496 in 3.2.0.9.
Amos Jeffries [Mon, 4 Mar 2013 20:08:47 +0000 (13:08 -0700)]
Fix authentication headers sent on peer digest requests
Cache digest fetches have been sending the cache_peer login= option
value without sanitizing it for special-case values used internally
by Squid. This causes authentication failure on peers which are checking
user credentials.
The cases which were earlier causing a lot of RAM 'leaks' have been
resolved already and the remaining causes appear to all be in components
with short packet handling pathways where the orphan is not wasting much
in the way of RAM bytes or FD time.
The trace is left at level-4 for future debugging if necessary.
Amos Jeffries [Fri, 1 Mar 2013 10:01:57 +0000 (03:01 -0700)]
MacOS: reduce the testRock unit test UDS path
On MacOS shm_open() requires the name entry to be less than 31 bytes
long. The garbage name used by testRock was 35 bytes and not really
describing what it was used for in the test anyway.
TODO: find out and fix why MacOS still responds EINVAL once the path
is set to a usable length.
Amos Jeffries [Tue, 26 Feb 2013 22:21:22 +0000 (15:21 -0700)]
Bug 3720: SourceLayout: shuffle fd_table definition into fde.h
Shift the definition out of globals.h into fde.h where the type class
is defined, and the instance into fde.cc. Fixing bug 3720; build errors
on OpenIndiana and Solaris.
Also, move it into the fde class scope as a static Table member.
Provides wrapper definition of fd_table to reduce patch impact.
Amos Jeffries [Mon, 25 Feb 2013 03:47:25 +0000 (20:47 -0700)]
Bug 3794: MacOS: workaround compiler errors and case-insensitivity
MacOS GCC version implicitly searches the local directory for .h
includes despite the absence of -I. in the provided options.
Furthermore it searches with case-insensitive filenames due to the
underlying case-insensitive filesystem.
The combined result is that libacl .cc files include their local copy of
acl/Url.h instead of the base directories src/URL.h which was needed.
The long term fix will be to shuffle URL.h and its related code into
a convenience library. For now we can avoid issues by prefixing the full
src/ path to the includes.
Amos Jeffries [Mon, 25 Feb 2013 03:42:35 +0000 (20:42 -0700)]
Bug 3753: Removes the domain from the cache_peer server pconn key
Under the squid-3.2 pconn model the IP:port specifying the destination
are part of the key and can be used to strictly filter selection when
locating pconn. This means the domain is no longer a necessary part
of the key.
Squid using cache_peer can see a large number of wasted idle connections
to their peers due to the key domain value if the peer hostname is not
substituted properly. There is also a similar affect when contacting
servers with virtual hosted domains.
Also bug 3753 was located with peer host and name= values being used
inconsistently as the domain marker. Resulting in failed pop()
operations and extra FD usage.
This has been tested for several months now with only socket usage
benefits seen in several production networks.
NOTE: previous experience some years back with pconn has demonstrated
several broken web servers which assume all requests on a persistent
connection are for the same virtual host. For now this change avoids
altering the behaviour on DIRECT traffic for this reason.
Amos Jeffries [Thu, 14 Feb 2013 07:34:42 +0000 (00:34 -0700)]
Bug 3686: cache_dir max-size default fails
If some cache_dir are configured with max-size and some not the default
maximum_object_size limit fails.
This refactors the max-size management code such that each SwapDir always
has a value maxObjectSize(). This value is calculated from the SwapDir
local setting or global limit as appropriate.
The global maximum_object_size directive is migrated to simply be a default
for cache_dir max-size= option.
The global store_maxobjsize variable is altered to be the overall global
limit on how big an object may be cache by this proxy. It now takes into
account the max-size for all cache_dir and cache_mem limitation.
NP: The slow accumulation of these and earlier changes means Squid no
longer immediately caches unknown-length objects. The unit-tests are
therefore changed to test using explicit 0-length objects to ensure the
test is on a cached object not bypassing the apparently ested logic.
They are also provided with a large global store_maxobjsize limit in order
to do a weak test of the SwapDir types max-size in the presence of other
larger cache_dir or maximum_object_size settings.
Alex Rousskov [Sat, 9 Feb 2013 12:48:22 +0000 (05:48 -0700)]
Bug 3752: objects that cannot be cached in memory are not cached on disk if cache_dir max-size is used.
This fix contains four related changes:
1) When fixing "trimMemory for unswappable objects" (trunk r11969), we
replaced swapoutPossible() with swappingOut()||mayStartSwapOut() but missed
the fact that swapoutPossible() had "possible now" semantics while
mayStartSwapOut() has "may start now or in the future" semantics. When all
cache_dirs had max-size set, mayStartSwapOut() returned false for objects of
unknown size and even for smaller-than-maximum but not-yet-received objects,
despite the fact that those objects could be swapped out later.
That false mayStartSwapOut() result allowed maybeTrimMemory() to trim those
objects memory and mark the objects for release, preventing their subsequent
disk caching.
2) To fix (1) above, mayStartSwapOut() had to return true for not-yet-received
objects of unknown size. However, returning true is correct only if no
subsequent check can return false. Thus, we had to move all lower/later checks
that could return false up, placing them before the maximum-of-all-max-sizes
check.
3) Once (2) was done, the end of mayStartSwapOut() had (a) a loop that could
return true while setting decision to MemObject::SwapOut::swPossible and (b)
an unconditional code that did ... the same thing. Thus, the loop could no
longer change the method outcome. The loop also had a lot of doubts and XXXs
attached to it. We removed it. If that loop is needed, it is needed and must
be resurrected elsewhere.
4) Since mayStartSwapOut() returns true if swapout is possible in the future
(but not necessarily now), we cannot rely on its return value to initiate
swapout code. We need to test whether swapout.decision is swPossible instead.
Alex Rousskov [Fri, 8 Feb 2013 11:25:14 +0000 (04:25 -0700)]
Make squid -z for cache_dir rock work like UFS instead of like COSS.
Also, Polish -z documentation and cache.log reporting.
When a startup script runs squid -z by mistake against a cache_dir that is
already initialized and full of cached entries, some admins prefer that
nothing happens. Rock store now skips reinitialization if both the cache_dir
directory and the db file in that directory exist. If one or both are missing,
the missing pieces are created.
UFS does something similar because it creates missing L1 and L2 directories
but does not erase any entries already present in the cache_dir path. COSS,
OTOH, re-initializes the existing db. Rock behavior will now be closer to UFS.
To clean a corrupted cache_dir, the admin must remove its top-level directory
before running squid -z.
Squid now logs "Creating missing swap directories" instead of "Creating Swap
Directories", and our documentation now reflects the "if missing" part of the
-z algorithm.
Also documented that recent Squid versions run -z in daemon mode (so that SMP
configuration macros continue to work).
projects / thirdparty / squid.git / log
